enter the following amendments to the specification, claims and abstract:

IN THE SPECIFICATION: 

Page 1, lines 3-4 



This invention relates to a technique enabling access to packet-based services, 
such as IP, Frame Relay, and ATM, through an Ethernet protocol network.

Page 1, lines 13-20

As an alternative to private line access, communications service providers such as 
AT&T also offer virtual circuit access allowing several customers to logically share a 
single circuit, thus reducing costs. Such shared circuits, typically referred to as 
Permanent Virtual Circuits, allow communication service providers to guarantee 
customer traffic flows that are distinguishable from each other, are secure, and allow 
customers to enjoy different service features. An example of such a technique for 
offering such shared service is disclosed in U.S. Patent 6,081,524, assigned to AT&T. 

Page 2, lines 8-20 

Briefly, in accordance with a preferred embodiment, a method is provided for 
routing data in an Ethernet protocol network having a plurality of platforms, each serving 
one or more customers. A first platform receives at least one frame from a sending site 
(e.g., a first customer's premises) that is destined for a receiving site (e.g., another 
premises belonging to the same or a different customer.) After receiving the frame, the
first platform overwrites a portion of the frame with a customer descriptor that 
specifically identifies the sending customer. In practice, the first platform may overwrite 
a Virtual Local Area Network (VLAN) field that is typically employed by the sending 
customer for the purposes of routing data among various VLANs at the sending premises. 
Rather than overwrite the VLAN field in the frame, the first platform could overwrite 
another field, such as the source address field, or could even employ a "shim" header 
containing the customer descriptor. All further use of the term customer descriptor
implies that any of the above or similar techniques could be used.

Page 2, lines 21-28, page 3, lines 1-2

After overwriting the frame with the customer descriptor, the sending platform 
routes the frame onto the MAN for routing among the other platforms, thereby sharing 
trunk bandwidth and other resources, but logically distinct from other customers' traffic
with different customer descriptors. A destination address in the frame directs the frame 
to its corresponding endpoint. Upon receipt of the frame, the receiving platform uses the 
customer descriptor to segregate the frame for delivery to the proper destination, 
especially in the event where different customers served by the same platform use 
overlapping addressing plans. Thus, the customer descriptor in each frame
advantageously enables the receiving platform to distinguish between different customers 
served by that platform. 

Page 3, lines 3-6 

For traffic with a destination beyond the MAN, this method provides a convenient
and efficient way to map the customer descriptor to similar identifiers in a Wide Area
Network (WAN), such as a Permanent Virtual Circuit (PVC), a Virtual Private Network
(VPN), or an MPLS Label Switched Circuit.

Page 3, lines 7-13

Overwriting each frame with the customer descriptor thus affords the ability to
logically segregate traffic on the Ethernet MAN to provide Virtual Private Network 
(VPN) services of the type offered only on more expensive Frame Relay and ATM 
networks. Moreover, the customer descriptor used to tag each frame can advantageously 
include Quality of Service (QoS) information, allowing the sender to specify different 
QoS levels for different traffic types, based on the Service Level Agreement (SLA) 
between the customer and the communications service provider.

Page 3, lines 15-17

FIGURE 1 depicts an Ethernet protocol Metropolitan Area Network (MAN) in 
which each frame is tagged with a customer descriptor in its VLAN field in accordance 
with the present principles; 

Page 3, lines 18-19

FIGURE 2 illustrates a sample frame for transmission over the network of FIG. 1;

Page 3, lines 24-26

FIGURE 5 illustrates a portion of a MAN showing the manner in which frames
are mapped to different Permanent Virtual Circuits by an ATM switch; 

page 3, lines 27-29 

FIGURE 6 illustrates a portion of a MAN showing the manner in which frames 
are mapped into different Multi-Protocol Label Switching (MPLS) tunnels;

Page 4, lines 1-2

FIGURE 7 illustrates a portion of a MAN showing the manner in which frames
are mapped into different service networks;

FIGURE 8 illustrates a portion of a prior art Ethernet protocol network in which
the VLAN on an incoming frame received at an ingress port of a switch extends directly
to frame output by the switch at an egress port; and

FIGURE 9 illustrates a portion of an alternate preferred embodiment of the
invention in which a VLAN tag on a frame received at an ingress port of a switch is
mapped to a second tag that is unique to an egress port of the switch which outputs the
frame. 

Page 4, lines 4-10 

FIGURE 1 depicts an Ethernet Protocol Metropolitan Area Network (MAN) 10 
comprised of a plurality of Multi-Service Platforms (MSPs) 12₁-12ₙ where n is an integer,
each MSP taking the form of an Ethernet switch or the like. In the illustrated
embodiment n=4, although the network 10 could include a smaller or larger number of
MSPs. A fiber ring or SONET ring infrastructure 14 connects the platforms 12₁-12₄ in
daisy-chain fashion allowing each MSP to statistically multiplex information onto, and to 
statistically de-multiplex information off the ring infrastructure 14. 

Page 4, lines 11-21 

Each of MSPs 12₁-12₃ serves at least one, and in some instances, a plurality of
premises 16 belonging to one or more customers. In the illustrated embodiment of FIG.
1, the MSP 12₁ serves a single customer premises 16₁ belonging to customer 1 whereas,
the MSP 12₂ serves premises 16₂, and 16₃ belonging to customers 2 and 3, respectively.
The MSP 12₃ serves a single premises 16₄ that belongs to customer 3. The MSPs 12₁-12₃
are linked to their corresponding premises via 10, 100 or 1000 MB links 19. The MSP
12₄ bears the legend "CO MSP" because it serves as a central office to route traffic from
the MAN 10 to a Provider Edge Router (PER) 18 for delivery to other networks, such as
Frame Relay, ATM, MPLS networks or the Internet as discussed hereinafter. By the
same token, the PER 18 can route traffic from such other networks onto the MAN 10 via
the CO MSP 12₄.

Page 4, lines 20-29

The traffic routed onto and off of the MAN 10 by each MSP takes the form of one 
or more frames 20 depicted in FIG. 2. Heretofore, traffic routed onto the MAN 10 from
a particular customer's premises was combined with other customers' traffic with no
logical separation, thus raising security concerns. Moreover, since all customers' traffic
share the same bandwidth, difficulties existed in prior art Ethernet MANs in regulating 
the traffic from each customer's premises, and in affording different customers different 
Quality of Service (QoS) levels in accordance with individual Service Level Agreements. 

Page 5, lines 1-8 

These difficulties are overcome in accordance with the present principles by
"tagging" each frame 20 routed onto the MAN 10 at a particular MSP, say MSP 12₃, with
a customer descriptor 22' (best seen in FIG. 2) that identifies the customer sending that 
frame. As discussed in greater detail below, each MSP receiving a frame 20 on the fiber 
ring infrastructure 14 uses the customer descriptor 22' in that frame to maintain distinct 
routing and addressing tables that are assigned to each customer served by that MSP. 
This permits each customer to use its own addressing plan without fear of overlap with 
other customers, as the customers are all maintained as logically separate. 

Page 5, lines 9-15 

FIGURE 2 depicts the structure of an exemplary Ethernet protocol frame 20
specified by Ethernet Standard 802.1Q. Among the blocks of bytes within each frame 20
is a Virtual Local Area Network (VLAN) Identifier 22 comprised of sixteen bits. In 
practice, the VLAN identifier 22, in conjunction with a VLAN flag 23 within the frame, 
facilitates routing of the frame within a customer's premises to a particular VLAN. 
However, the VLAN identifier 22 has no influence on routing of the frame 20 after 
receipt at a MSP.

Page 5, lines 16-28

In accordance with the present principles, the prior disadvantages associated with 
conventional Ethernet networks, namely the lack of security and inability to regulate QoS 
levels, are overcome by overwriting the VLAN identifier 22 in each frame 20 with the 
customer descriptor maintained by the service provider. Overwriting the VLAN 
identifier 22 of FIG. 2 of each frame 20 with the customer descriptor 22' serves to "tag" 
that frame with the identity of its sending customer, thus affording each MSP in the MAN 
10 the ability to route those frames only among the premises belonging to that same 
sending customer. Such tagging affords the operator of the MAN 10 the ability to 
provide security in connection with frames transmitted across the network, since frames 
with customer ID A would not be delivered to any premises of customer with ID B. As 
an example, two or more customers served by a single MSP may use overlapping IP 
addressing schemes. In the absence of any other identifier, the MSP receiving frames 
with overlapping IP addresses lacks the ability to assure accurate delivery. 

Page 5, lines 29-31, Page 6, lines 1-3 

In the illustrated embodiment depicted in FIG. 2, each MSP of Fig. 1 tags each 
outgoing frame 20 by overwriting the VLAN identifier 22 with the customer descriptor 
22'. However, tagging could occur in other ways, rather than overwriting the VLAN 
identifier 22. For example, the source address block 25 within the frame 20 could be 
overwritten with the customer descriptor 22'. Alternatively, the data field 21 could
include a shim header comprising the customer descriptor 22'. 

Page 6, lines 4-15 

The tagging of each frame 20 with the customer descriptor 22' affords several 
distinct advantages in connection with routing of the frames through the MAN 10. First, 
as discussed above, the tagging affords each recipient MSP the ability to distinguish 
traffic destined for customers with overlapping address schemes, and thus allows for
segregating traffic on the MAN 10. Further, tagging each frame 20 with the customer
descriptor 22' enables mapping of the frames from a MAN 100 depicted in FIG 3 to
corresponding one of a plurality of customer Virtual Private Networks 26₁-26₃ within an
MPLS network 28. As seen in FIG. 3, an MSP 120₂ within the MAN 100 receives traffic
from premises 160₁, 160₂, and 160₃ belonging to customer 1, customer 2 and customer 3,
respectively, which enjoy separate physical links to the MSP. Upon receipt of each frame
from a particular customer, the MSP 120₂ overwrites that frame with the customer
descriptor 22' corresponding to the sending customer.

Page 6, lines 16-22 

After tagging each frame, the MSP 120₂ statistically multiplexes the frames onto
the fiber ring infrastructure 14 for transmission to a CO MSP 120₄ for receipt at a
destination PER 180 that serves the MPLS network 28 within which are customer Virtual
Private Networks 26₁-26₃. Using the customer descriptor 22' in each frame, the PER 180
maps the frame to the corresponding VPN identifier associated with a particular one of
customer Virtual Private Networks 26₁-26₃ to properly route each frame to its intended
destination. 

Page 6, lines 23-31, page 7, lines 1-2 

The tagging scheme of the present invention also affords the ability to route 
frames with different QoS levels within a MAN 1000 depicted in FIG 4. 
As seen in FIG. 4, an MSP 1200₂ within the MAN 1000 receives traffic from premises
1600₂, and 1600₃ belonging to customer 2 and customer 3, respectively, which enjoy
separate physical links to the MSP, allowing each to send frames into the MAN. In the
illustrated embodiment of FIG. 4, the frames originating from the premise 1600₂ may
contain either voice or data and have a corresponding QoS level associated with each
type of frame. Upon receiving such frames, the MSP 1200₂ overwrites the frame with the
customer descriptor 22' corresponding to the particular customer sending the frame. The
customer descriptor 22' will not only contain the identity of the sending customer, but the
corresponding QoS level associated with that frame. 

page 7, lines 3-10 

After tagging each frame, the MSP 1200₂ statistically multiplexes the frames onto
the fiber ring infrastructure 14 for transmission to a CO MSP 1200₄ for receipt at a
destination PER 1800 that serves an MPLS network 280 within which are customer
Virtual Private Networks 260₂ and 260₃. Using the customer descriptor 22' in each
frame, the PER 1800 of FIG. 4 maps the frame to the corresponding customer VPN to
properly route each frame to its intended customer VPN. Further, the PER 1800 of FIG. 
4 also maps the QoS level specified in the customer descriptor in the frame to assure that 
the appropriate quality of service level is applied to the particular frame. 

Page 7, lines 11-27 

In the above-described embodiments, the frames of customer traffic have been 
assumed to comprise IP packets that terminate on a router (i.e., Provider Edge Routers 
18, 180 and 1800) and that the VPNs employ MPLS-BGP protocols. However, some
customers may require multi-protocol support, or may otherwise require conventional
PVCs so that the traffic streams must be mapped into Frame Relay or ATM PVCs as
depicted in FIG. 5, which illustrates a portion of a MAN 10000 having a CO MSP 12000₄
serving an ATM switch 30 that receives traffic from the MAN. As seen in FIG. 5, each
of premises 16000₁, 16000₂ and 16000₃ belonging to customer 1, customer 2 and
customer 3, respectively, may send frames for receipt at MSP 12000₂ in the MAN 10000.
The MSP 12000₂ tags each frame with the corresponding customer descriptor prior to
statistically multiplexing the data for transmission on the fiber ring infrastructure 14 to
the CO MSP 12000₄ for receipt at the ATM switch 30. The ATM switch 30 then maps
each frame to the appropriate PVC in accordance with the customer descriptor 22' in the
frame in a manner similar to the mapping described with respect to FIG. 3. Thus, the
ATM switch 30 could map the frame to one of Frame Relay recipients 32₁, 32₂, or 32₃,
ATM recipients 32₄ or 32₅ or IMA (Inverse Multiplexing over ATM) recipient 32₆.

Page 7, lines 28-31, Page 8, lines 1-6

FIG. 6 depicts a portion of a MAN network 100000 that routes frames onto 
separate MPLS tunnels 40₁-40₃ (each emulating a private line 32 in an MPLS network
28000) in accordance with the customer descriptor 22' written into each frame by a MSP
120000₂ in the MAN. Each of customer premises 160000₁, 160000₂ and 160000₃
depicted in FIG. 6 sends information frames for receipt at MSP 120000₂. The MSP
120000₂ tags each frame with the customer descriptor prior to statistically multiplexing
the data for transmission on the fiber ring infrastructure 14 for delivery to a CO MSP
120000₄ that serves a PER 18000. The PER 18000 translates (maps) the customer
descriptors written onto the frames by the MSP 120000₂ into the MPLS tunnels 40₁-40₃
to enable the PER to route the traffic to the intended customer. 

Page 8, lines 7-17 

FIG. 7 depicts a portion of a MAN network 1000000 for routing traffic (i.e., 
frames) onto separate networks in accordance with the customer descriptor written into 
each frame by a MSP 120000₂ in the MAN. Each of customer premises 1600000₂
and 1600000₃ depicted in FIG. 7 sends frames for receipt by the MSP 1200000₂. The
MSP 1200000₂ tags each frame with the customer descriptor 22' prior to statistically
multiplexing the data for transmission on the fiber ring infrastructure 14 for delivery to a
CO MSP 1200000₄ that serves a PER 180000. In accordance with the customer
descriptor, the PER 1800000 of FIG. 7 routes traffic to a particular one of several
different networks, e.g., an Intranet VPN 42₁, a voice network 42₂ and the Internet 42₃, in
accordance with the customer descriptor 22' written onto the frame by the MSP
1200000₂.

Page 8, before line 18, insert-

Referring to FIG. 8, a prior art Ethernet switch 20000000 receives Ethernet 
frames at one of a plurality of input (ingress) ports, exemplified by ports 22000000, 
24000000, and 26000000, from a corresponding one of networks 28000000,
30000000 and 32000000, respectively. The frames are destined for an endpoint (not
shown) served by a Wide Area Network (WAN) 36000000 linked to an egress port
40000000 of the switch 20000000 by an Ethernet trunk 38000000. Each Ethernet frame
received at one of the ingress switch ports 22000000, 24000000, and 26000000 carries a
tag, which in accordance with the IEEE 802.1Q Standard, identifies the Virtual Local
Area Network (VLAN) that originated the frame. Thus, for example, a frame originated
at network 32000000 associated with a VLAN having an Identification Designation (ID)
of 5 will carry a tag with the corresponding VLAN ID. The VLAN address is twelve
bits, offering the ability to designate as many as 4096 separate VLANs.

A VLAN domain extends across any set of connected Ethernet switches, and 
therefore the address space of 4096 individual VLANs is shared across such an extended 
network of switches. In the past, the VLAN tag associated with an incoming Ethernet 
frame received at one of the ingress switch ports will extend directly to the egress switch 
port. Hence, the VLAN tag of an Ethernet frame received at the ingress port 26000000
extends directly to the egress port 40000000 on which the switch outputs the frame. The
direct extension of the VLAN tag between the Ethernet switch ingress and egress ports
increases the difficulty in the sharing and administration of the limited VLAN address
space, as it now has to be coordinated across any connected group of Ethernet networks,
even if they only are connected by termination on a common WAN access switch, as 
shown in Figure 8. It also limits the size of a single switch in terms of VLAN capacity, 
being confined to 4096 VLANs on any given switch. 

Referring to FIG. 9, in accordance with the present invention, the significance of 
the VLAN tag is localized to each physical port on the Ethernet switch 2000000, instead
of being global to a network. At an ingress switch port, say port 22000000, the VLAN
tag is still used to discriminate between different customers' traffic or services, but the
switch 2000000 is free to re-write the tag to another value that is unique to the physical
egress port 40000000. In other words, the switch 20000000 may terminate traffic from
many independent networks, each using the full 4096 VLAN address space, and
internally map the traffic using a unique tuple of (Physical port, VLAN ID) to the switch
output ports (only one of which is shown). This dramatically increases the scale
achievable with a single switch, which, by virtue of the mapping of tags from an
ingress to egress port, is now limited only by 4096 VLAN IDs on each physical port,
rather than a total 4096 VLANs as is the case of the prior network of FIG. 8.
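
The per-port mapping described for FIG. 9, as an added example that is not part of the original filing: a hypothetical switch model (the class, port names and sample frames are constructed here) that keys its table on the (physical port, VLAN ID) tuple, overwrites only the 12-bit VLAN ID, and drops frames whose tuple was never provisioned.

```python
import struct

TPID_8021Q = 0x8100   # EtherType that marks an IEEE 802.1Q tag
VID_MASK = 0x0FFF     # VLAN ID: low 12 bits of the 16-bit tag control field
# 802.1Q reserves VLAN IDs 0 and 4095, so 1..4094 are assignable on each port.
ASSIGNABLE_VIDS = range(1, 4095)

# Constructed sample values (locally administered MACs, IPv4 EtherType + bytes).
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = struct.pack("!H", 0x0800) + b"constructed-payload"


class UnmappedTag(Exception):
    """No mapping provisioned for this (ingress port, VLAN ID) tuple."""


def build_frame(dst, src, vid, payload, priority=0):
    """Construct a single-tagged Ethernet frame (sample input for the demo)."""
    tci = (priority << 13) | (vid & VID_MASK)
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + payload


def read_tci(frame):
    """Return the 16-bit tag control field of a single-tagged frame."""
    if len(frame) < 16:
        raise ValueError("frame too short to carry an 802.1Q tag")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci


class PortLocalSwitch:
    """Hypothetical switch model: a tag is significant per physical port."""

    def __init__(self):
        self._map = {}    # (ingress_port, ingress_vid) -> (egress_port, egress_vid)
        self._used = {}   # egress_port -> egress VIDs already assigned

    def provision(self, ingress_port, ingress_vid, egress_port):
        """Assign a second tag, unique on the egress port, to the tuple."""
        key = (ingress_port, ingress_vid)
        if key in self._map:
            return self._map[key][1]
        used = self._used.setdefault(egress_port, set())
        for vid in ASSIGNABLE_VIDS:
            if vid not in used:
                used.add(vid)
                self._map[key] = (egress_port, vid)
                return vid
        raise RuntimeError("tag space on %s exhausted" % egress_port)

    def forward(self, ingress_port, frame):
        """Overwrite the VLAN ID with the egress tag; refuse unmapped traffic."""
        tci = read_tci(frame)
        key = (ingress_port, tci & VID_MASK)
        if key not in self._map:
            # Default deny: a tag nobody provisioned never reaches the trunk.
            raise UnmappedTag("no mapping for %r" % (key,))
        egress_port, egress_vid = self._map[key]
        # Keep the priority bits, replace only the 12-bit VLAN ID.
        new_tci = (tci & ~VID_MASK & 0xFFFF) | egress_vid
        return egress_port, frame[:14] + struct.pack("!H", new_tci) + frame[16:]


def demo():
    """Two independent networks both use VLAN 5; the trunk keeps them apart."""
    sw = PortLocalSwitch()
    sw.provision("ingress-A", 5, "egress-trunk")
    sw.provision("ingress-B", 5, "egress-trunk")
    frame = build_frame(DST, SRC, 5, PAYLOAD, priority=3)
    results = []
    for port in ("ingress-A", "ingress-B", "ingress-C"):
        try:
            out_port, out = sw.forward(port, frame)
            results.append((port, out_port, read_tci(out) & VID_MASK))
        except UnmappedTag:
            results.append((port, None, None))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```
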

IN THE CLAIMS: 

Cancel Claims 1-25 and insert claims 26-30 

26. In an Ethernet protocol network having at least one switch with plurality
of ingress ports that are each adapted to receive at least one Ethernet frame that includes a
tag that identifies a particular network sending the frame, and the switch having at least
one egress port on which the frame is output, a method for operating said switch,
comprising the step of:

mapping the tag in the Ethernet frame received at the one ingress port to a second
tag associated with the egress port through which the switch outputs the frame; and

overwriting the tag in the Ethernet frame with the second tag prior to outputting
the frame on the egress port. 

27. The method according to claim 26 wherein the tag is mapped using a 
unique tuple of the port and a Virtual Local Area Network (VLAN) identifier. 

28. The method according to claim 27 wherein the Virtual Local Area 
Network (VLAN) identifier has an prescribed address space and wherein each egress port 
can support a quantity of VLANS limited only by the prescribed address space of the 
VLAN identifier.

29. The method according to claim 28 wherein the VLAN identifier has an
address space of 4096 and wherein each egress port can support 4096 separate VLANs.

30. In an Ethernet protocol network having at least one switch with plurality 
of ingress ports that are each adapted to receive at least one Ethernet frame that includes a 
Virtual Local Area Network (VLAN) ID tag that identifies a particular network sending 
the frame to that ingress port, and the switch has at least one egress port on which the 
frame is output, a method for operating said switch, comprising the step of:

mapping the tag in the Ethernet frame received at the one ingress port to a second
tag using a unique tuple of the port and a Virtual Local Area Network (VLAN) identifier;
and

overwriting the tag in the Ethernet frame received at the one ingress port with the
second tag prior to outputting the frame on the egress port.

IN THE DRAWINGS

Kindly enter newly submitted FIGURES 8 and 9.

REMARKS



The foregoing amendment has been tendered in connection with the instant 
continuation-in-part application.

In the event that any issues remain following entry of this amendment, applicant's
attorney invites the examiner to contact him (908) 221-5714 for either a personal or
telephone interview if the examiner believes that such would expedite the prosecution of 
this application. 




Robert B. Levy, Attorney
Registration No. 28,234

AT&T

Date

IDS 2001-0660CIP 



MARKED-UP VERSION SHOWING CHANGES 
IN THE SPECIFICATION: 

Page 1, lines 3-4 

This invention relates to a technique enabling access to packet-based services, 
such as IP, Frame Relay, and ATM, through an Ethernet [P]protocol network.

Page 1, lines 13-20 

As an alternative to private line access, communications service providers such as 
AT&T also offer virtual circuit access allowing several customers to logically share a 
single circuit, thus reducing costs. Such shared circuits, typically referred to as
Permanent Virtual Circuits, allow communication service providers to guarantee
customer traffic flows that are distinguishable from each other, are secure, and allow
customers to enjoy different service features. An example of such a technique for
offering such shared service [in a Multi-Protocol Label Switching Network] is disclosed
in U.S. Patent 6,081,524, assigned to AT&T. 

Page 2, lines 8-20 

Briefly, in accordance with a preferred embodiment, a method is provided for 
routing data in an Ethernet protocol network having a plurality of platforms, each serving 
one or more customers. A first platform receives at least one frame from a sending site 
(e.g., a first customer's premises) that is destined for a receiving site (e.g., another 
premises belonging to the same or a different customer.) After receiving the frame, the 
first platform overwrites a portion of the frame with a customer descriptor that
specifically identifies the sending customer. In practice, the first platform [will] may
overwrite a Virtual Local Area Network (VLAN) field that is typically employed by the
sending customer for the purposes of routing data among various VLANs at the sending
premises [premises]. Rather than overwrite the VLAN field in the frame, the first
platform could overwrite another field, such as the source address field, or could even
employ a "shim" header containing the customer descriptor. All further use of the term 
customer descriptor implies that any of the above or similar techniques could be used. 

Page 2, lines 21-28, page 3, lines 1-2 

After overwriting the frame with the customer descriptor, the sending platform
routes the frame onto the MAN [network] for routing among the other platforms, thereby
sharing trunk bandwidth and other resources, but logically distinct from other
[customer's] customers' traffic with different customer descriptors. A destination
address in the frame directs the frame to its corresponding [receiving platform] endpoint.
Upon receipt of the frame, the receiving platform uses the customer descriptor to
segregate the frame for delivery to the proper destination, especially in the event where
different customers served by the same platform use overlapping addressing plans. Thus, 
the customer descriptor in each frame advantageously enables the receiving platform to 
distinguish between different customers served by that platform. 

Page 3, lines 3-6 

For traffic with a destination beyond the MAN, this method provides a convenient 
and efficient way to map the customer[-]descriptor to similar identifiers in a Wide Area 
Network (WAN), such as a Permanent Virtual Circuit (PVC), a Virtual Private Network 
(VPN), or an MPLS Label Switched Circuit. 




Page 3, lines 7-13 

Overwriting each frame with the customer[-]descriptor thus affords the ability to 
logically segregate traffic on the Ethernet MAN to provide Virtual Private Network 
(VPN) services of the type offered only on more expensive Frame Relay and ATM 
networks. Moreover, the customer descriptor used to tag each frame can advantageously 
include Quality of Service (QoS) information, allowing the sender to specify different 
QoS levels for different traffic types, based on the Service Level Agreement (SLA) 
between the customer and the communications service provider. 

Page 3, lines 15-17 

FIGURE 1 depicts an Ethernet [P]protocol Metropolitan Area Network (MAN) in
which each [information] frame is tagged with a customer descriptor in its VLAN field in 
accordance with the present principles; 

Page 3, lines 18-19 

FIGURE 2 illustrates a sample [information] frame for transmission over the 
network of FIG. 1; 

Page 3, lines 24-26 

FIGURE 5 illustrates a portion of a MAN showing the manner in which 
[information] frames are mapped to different Permanent Virtual Circuits by an ATM 
switch;

Page 3, lines 27-29

FIGURE 6 illustrates a portion of a MAN showing the manner in which 
[information] frames are mapped into different Multi-Protocol Label Switching (MPLS) 
tunnels; [and] 

Page 4, lines 1-2 

FIGURE 7 illustrates a portion of a MAN showing the manner in which 
[information] frames are mapped into different service networks[.]; 

FIGURE 8 illustrates a portion of a prior art Ethernet protocol network in which 
the VLAN on an incoming frame received at an ingress port of a switch extends directly 
to frame output by the switch at an egress port; and 

FIGURE 9 illustrates a portion of an alternate preferred embodiment of the
invention in which a VLAN tag on a frame received at an ingress port of a switch is 
mapped to a second tag that is unique to an egress port of the switch which outputs the 
frame. 

Page 4, lines 4-10 

FIGURE 1 depicts an Ethernet Protocol Metropolitan Area Network (MAN) 10
comprised of a plurality of Multi-Service Platforms (MSPs) 12₁-12ₙ where n is an integer,
each MSP taking the form of an Ethernet switch or the like. In the illustrated
embodiment n=4, although the network 10 could include a smaller or larger number of
MSPs. A fiber ring or SONET ring infrastructure 14 connects the platforms 12₁-12₄ in
daisy-chain fashion allowing each MSP to statistically multiplex information onto, and to 
statistically de-multiplex[ing] information off the ring infrastructure 14. 

Page 4, lines 11-21

Each of MSPs 12₁-12₃ serves at least one, and in some instances, a plurality of
premises 16 belonging to one or more customers. In the illustrated embodiment of FIG.
1, the MSP 12₁ serves a single customer premises 16₁ belonging to customer 1 whereas,
the MSP 12₂ serves premises 16₂, and 16₃ belonging to customers 2 and 3, respectively.
The MSP 12₃ serves a single premises 16₄ that belongs to customer 3. The MSPs
12₁-1[3]2₃ are linked to their corresponding premises via 10, 100 or 1000 MB links[18] 19.
The MSP 12₄ bears the legend "CO MSP" because it serves as a central office to route
traffic from the MAN 10 to a Provider Edge Router (PER) 18 for delivery to other
networks, such as Frame Relay, ATM, MPLS networks or the Internet as discussed
hereinafter. By the same token, the PER 18 can route traffic from such other networks
onto the MAN 10 via the CO MSP 12₄.

Page 4, lines 22-29 

The traffic routed onto and off of the MAN 10 by each MSP takes the form of one 
or more [information] frames 20 depicted in FIG. 2. Heretofore, traffic routed onto the 
MAN [network] 10 from a particular customer's premises was combined with other 
customer[']s' traffic with no logical separation, thus raising security concerns. Moreover,
since all customers' traffic share the same bandwidth, difficulties existed in prior art
Ethernet MANs in regulating the traffic from each customer's premises, and in affording
different customers different Quality of Service (QoS) levels in accordance with 
individual Service Level Agreements. 

Page 5, lines 1-8 

These difficulties are overcome in accordance with the present principles by 
"tagging" each frame 20 routed onto the [network] MAN 10 at a particular MSP, say 
MSP 12₃, with a customer descriptor 22' (best seen in FIG. 2) that identifies the customer
sending that frame. As discussed in greater detail below, each MSP receiving a frame 20
on the fiber ring infrastructure 14 uses the customer descriptor 22' in that frame to
maintain distinct routing and addressing tables that are assigned to each customer served
by that MSP. This permits each customer to use [their] its own addressing plan without 
fear of overlap with other customers, as the[y] customers are all maintained as logically 
separate. 

Page 5, lines 9-15 

FIGURE 2 depicts the structure of an exemplary Ethernet protocol frame 20
specified by Ethernet Standard 802.1Q. Among the blocks of bytes within each frame 20
is a Virtual Local Area Network (VLAN) Identifier 22 comprised of sixteen bits. In 
practice, the VLAN identifier 22, in conjunction with a VLAN flag [block] 23 within the 
frame, facilitates routing of the frame within a customer's premises to a particular 
VLAN. However, the VLAN identifier 22 has no influence on routing of the frame 20 
after receipt at a MSP. 

Page 5, lines 16-28 

In accordance with the present principles, the prior disadvantages associated with 
conventional Ethernet networks, namely the lack of security and inability to regulate QoS
levels, are overcome by overwriting the VLAN identifier 22 in each frame 20 with the 
customer descriptor maintained by the service provider. Overwriting the VLAN 
identifier 22 of FIG. 2 of each frame 20 with the customer descriptor 22' serves to "tag" 
that frame with tiie identity of its sending customer [identity], thus affording each MSP in 
the [network] MAN 10 the ability to route those frames only among the premises 
belonging to that same sending customer. Such tagging affords the operator of the 
[network] MAN 10 the ability to provide security in connection with frames transmitted 
across the network, since frames with customer ID A would not be delivered to any 
premises of customer with ID B. As an example, two or more customers served by a 
single MSP may use overlapping IP addressing schemes. In the absence of any other 
identifier, the MSP receiving [such] frame s with overlapping IP addresses lacks the 
ability to assure accurate delivery. 



IDS 2001-0660CIP 



Page 5, lines 29-31, Page 6, lines 1-3 

In the illustrated embodiment depicted in FIG. 2, each MSP of Fig. 1 tags [the] 
each outgoing frame 20 by overwriting the VLAN identifier 22 with the customer 
descriptor 22'. However, tagging could occur in other ways, rather than overwriting the 
VLAN identifier 22. For example, the source address block 25 within the frame 20 could 
be overwritten with the customer descriptor 22'. Alternatively, the data field [25] 21 
could include a shim header comprising the customer descriptor 22'. 

Page 6, lines 4-15 

The tagging of each frame 20 with the customer descriptor 22' affords several 
distinct advantages in connection with routing of the frames through the MAN 10. First, 
as discussed above, the tagging affords each recipient MSP the ability to distinguish 
traffic destined for customers with overlapping address schemes, and thus allows for 
segregating traffic on the MAN 10. Further, tagging each frame 20 with the customer 
descriptor 22' enables mapping of the frames from a MAN 100 depicted in FIG. 3 to a 
corresponding one of a plurality of customer Virtual Private Networks 261-263 within an 
MPLS network 28. As seen in FIG. 3, an MSP 1202 within the MAN 100 receives traffic 
from premises 1601, 1602, and 1603 belonging to customer 1, customer 2 and customer 3, 
respectively, which enjoy separate physical links to the MSP. Upon receipt of each frame 
from a particular customer, the MSP 1202 overwrites that frame with the customer 
descriptor 22' corresponding to the sending customer. 

Page 6, lines 16-22 

After tagging each [data] frame, the MSP 1202 statistically multiplexes the frames 
onto the fiber ring infrastructure 14 for transmission to a CO MSP 1204 for receipt at a 
destination PER 180 that serves the MPLS network 28 within which are customer Virtual 
Private Networks 261-263. Using the customer descriptor 22' in each frame, the PER 180 
maps the frame to the corresponding VPN identifier associated with a particular one of 
customer Virtual Private Networks 261-263 to properly route each frame to its intended 
destination. 

Page 6, lines 23-31, page 7, lines 1-2 

The tagging scheme of the present invention also affords the ability to route 
[information] frames with different QoS levels within a MAN 1000 depicted in FIG. 4. 
As seen in FIG. 4, an MSP 12002 within the MAN 1000 receives traffic from premises 
16002, and 16003 belonging to customer 2 and customer 3, respectively, which enjoy 
separate physical links to the MSP, allowing each to send [information] frames into the 
MAN. In the illustrated embodiment of FIG. 4, the frames originating from the premise 
16002 may contain either voice or data and have a corresponding QoS level associated 
with each type of frame. Upon receiving such frames, the MSP 12002 overwrites the 
frame with the customer descriptor 22' corresponding to the particular customer sending 
the frame. The customer descriptor 22' will not only contain the identity of the sending 
customer, but the corresponding QoS level associated with that frame. 

page 7, lines 3-10 

After tagging each [data] frame, the MSP 12002 statistically multiplexes the 
frames onto the fiber ring infrastructure 14 for transmission to a CO MSP 12004 for 
receipt at a destination PER 1800 that serves an MPLS network 280 within which are 
customer Virtual Private Networks 2602 and 2603. Using the customer descriptor 22' in 
each frame, the PER 1800 of FIG. 4 maps the frame to the corresponding customer VPN 
to properly route each frame to its intended customer [premises] VPN. Further, the PER 
1800 of FIG. 4 also maps the QoS level specified in the customer descriptor in the frame 
to assure that the appropriate quality of service level is applied to the particular frame. 

In the above-described embodiments, the frames of customer traffic have been 
assumed to comprise IP packets that terminate on a router (i.e., Provider Edge Routers 
18, 180 and 1800) and that the VPNs employ MPLS-BGP protocols. However, some 
customers may require multi-protocol support, or may otherwise require conventional 
PVCs so that the traffic streams must be mapped into Frame Relay or ATM PVCs as 
depicted in FIG. 5, which illustrates a portion of a MAN 10000 having a CO MSP 120004 
serving an ATM switch 30 that receives traffic from the MAN. As seen in FIG. 5, each 
of premises 160001, 160002 and 160003 belonging to customer 1, customer 2 and 
customer 3, respectively^ [5] may [originate information] send frames for receipt at MSP 
120002 in the MAN 10000. The MSP 120002 tags each frame with the corresponding 
customer descriptor prior to statistically multiplexing the data for transmission on the 
fiber ring infrastructure 14 to the CO MSP 120004 for receipt at the ATM switch 30. The 
ATM switch 30 then maps [the] each frame to the appropriate PVC in accordance with 
the customer descriptor 22' in the frame in a manner similar to the mapping described 
with respect to FIG. 3. Thus, the ATM switch 30 could map the frame to one of Frame 
Relay recipients 321, 322, or 323, ATM recipients 324 or 325 or IMA (Inverse 
Multiplexing over ATM) recipient 326. 

Page 7, lines 28-31, Page 8, lines 1-6 

FIG. 6 depicts a portion of a MAN network 100000 that routes frames onto 
separate MPLS tunnels 401-403 (each emulating a private line 32 in an MPLS network 
28000) in accordance with the customer descriptor 22' written into each frame by a MSP 
1200002 in the MAN. Each of customer premises 1600001, 1600002 and 1600003 
depicted in FIG. 6 [originate] sends information frames for receipt at MSP 1200002. The 
MSP 1200002 tags each frame with the customer descriptor prior to statistically 
multiplexing the data for transmission on the fiber ring infrastructure 14 for delivery to a 
CO MSP 1200004 that serves a PER 18000. The PER 18000 translates (maps) the 
customer descriptors written onto the frames by the MSP 1200002 into the MPLS tunnels 
401-403 to enable the PER to route the traffic to the intended customer. 

Page 8, lines 7-17 

FIG. 7 depicts a portion of a MAN network 1000000 for routing traffic (i.e., 
[information] frames) onto separate networks in accordance with the customer descriptor 
written into each frame by a MSP 1200002 in the MAN. Each of customer premises 
16000002 and 16000003 depicted in FIG. 7 [originates information] sends frames for 
receipt by the MSP 12000002. The MSP 12000002 tags each frame with the customer 
descriptor 22' prior to statistically multiplexing the data for transmission on the fiber ring 
infrastructure 14 for delivery to a CO MSP 12000004 that serves a PER 1 80000. In 
accordance with the customer descriptor, the PER 1800000 of FIG. 7 routes traffic to a 
particular one of several different networks, e.g., an Intranet VPN 421, a voice network 
422 and the Internet 423, in accordance with the customer descriptor 22' written onto the 
frame by the MSP 12000002. 

Page 8, before line 18 insert 

Referring to FIG. 8, a prior art Ethernet switch 20000000 receives Ethernet 
frames at one of a plurality of input (ingress) ports, exemplified by ports 22000000, 
24000000, and 26000000, from a corresponding one of networks 28000000, 
30000000 and 32000000, respectively. The frames are destined for an endpoint (not 
shown) served by a Wide Area Network (WAN) 36000000 linked to an egress port 
40000000 of the switch 20000000 by an Ethernet trunk 38000000. Each Ethernet frame 
received at one of the ingress switch ports 22000000, 24000000, and 26000000 carries a 
tag, which in accordance with the IEEE 802.1Q Standard, identifies the Virtual Local 
Area Network (VLAN) that originated the frame. Thus, for example, a frame originated 
at network 32000000 associated with a VLAN having an Identification Designation (ID) 
of 5 will carry a tag with the corresponding VLAN ID. The VLAN address is twelve 
bits, offering the ability to designate as many as 4096 separate VLANs. 

A VLAN domain extends across any set of connected Ethernet switches, and 
therefore the address space of 4096 individual VLANs is shared across such an extended 
network of switches. In the past, the VLAN tag associated with an incoming Ethernet 
frame received at one of the ingress switch ports will extend directly to the egress switch 
port. Hence, the VLAN tag of an Ethernet frame received at the ingress port 26000000 
extends directly to the egress port 40000000 on which the switch outputs the frame. The 
direct extension of the VLAN tag between the Ethernet switch ingress and egress ports 
increases the difficulty in the sharing and administration of the limited VLAN address 
space, as it now has to be coordinated across any connected group of Ethernet networks, 
even if they only are connected by termination on a common WAN access switch, as 
shown in Figure 8. It also limits the size of a single switch in terms of VLAN capacity, 
being confined to 4096 VLANs on any given switch. 

Referring to FIG. 9, in accordance with the present invention, the significance of 
the VLAN tag is localized to each physical port on the Ethernet switch 2000000, instead 
of being global to a network. At an ingress switch port, say port 22000000, the VLAN 
tag is still used to discriminate between different customers' traffic or services, but the 
switch 2000000 is free to re-write the tag to another value that is unique to the physical 
egress port 40000000. In other words, the switch 20000000 may terminate traffic from 
many independent networks, each using the full 4096 VLAN address space, and 
internally map the traffic using a unique tuple of (Physical port, VLAN ID) to the switch 
output ports (only one of which is shown). This dramatically increases the scale 
achievable with a single switch, which, by virtue of the mapping of tags from an 
ingress to egress port, is now limited only by 4096 VLAN IDs on each physical port, 
rather than a total 4096 VLANs as is the case of the prior network of FIG. 8. 
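
The per-port tag mapping described for FIG. 9 can be sketched as follows; this is an added example, not part of the application or of any switch implementation. The function names, port numbers, VLAN values and the sample frame are constructed, and three behaviours are assumptions the text does not state: the priority bits of the tag are preserved, frames with no mapping are rejected, and two ingress tuples may not share one egress tag (which would merge two networks' traffic).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


class TagError(ValueError):
    """Frame or mapping rejected; the caller should drop the frame."""


def build_table(entries):
    """entries: (ingress_port, ingress_vid, egress_vid) triples for one egress port."""
    table, owner = {}, {}
    for port, vid, egress_vid in entries:
        # 802.1Q reserves VID 0 (priority tag) and 4095, so 1..4094 are usable.
        if not (1 <= vid <= 4094 and 1 <= egress_vid <= 4094):
            raise TagError(f"VLAN ID out of range in {(port, vid, egress_vid)}")
        if (port, vid) in table:
            raise TagError(f"duplicate ingress tuple {(port, vid)}")
        if egress_vid in owner:
            # Two ingress tuples sharing an egress tag would merge two networks.
            raise TagError(f"egress VLAN {egress_vid} already used by {owner[egress_vid]}")
        table[(port, vid)] = egress_vid
        owner[egress_vid] = (port, vid)
    return table


def parse_tag(frame):
    """Return (pcp, dei, vid) from a single-tagged Ethernet frame."""
    if len(frame) < 18:  # dst(6) + src(6) + TPID(2) + TCI(2) + EtherType(2)
        raise TagError("frame too short to carry an 802.1Q tag")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        raise TagError("frame is not 802.1Q tagged")
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def rewrite_tag(frame, ingress_port, table):
    """Overwrite the 12-bit VLAN ID using the (port, VLAN ID) tuple; fail closed."""
    pcp, dei, vid = parse_tag(frame)
    if (ingress_port, vid) not in table:
        raise TagError(f"no mapping for port {ingress_port}, VLAN {vid}")
    tci = (pcp << 13) | (dei << 12) | table[(ingress_port, vid)]
    return frame[:14] + struct.pack("!H", tci) + frame[16:]


def make_frame(vid, pcp=0, payload=b"constructed sample payload"):
    """Constructed test frame: locally administered MACs, IPv4 EtherType."""
    macs = bytes.fromhex("02000000000a" "02000000000b")
    return macs + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, 0x0800) + payload
```

With a table built from (1, 5, 100) and (2, 5, 200), the same VLAN 5 frame leaves the switch tagged 100 or 200 depending on the ingress port, so two networks that both use VLAN 5 stay separate on the trunk.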

IN THE CLAIMS: 

Cancel Claims 1-25 and insert claims 26-30 

--26. In an Ethernet protocol network having at least one switch with a plurality 
of ingress ports that are each adapted to receive at least one Ethernet frame that includes a 
tag that identifies a particular network sending the frame, and the switch having at least 
one egress port on which the frame is output, a method for operating said switch, 
comprising the step of: 
mapping the tag in the Ethernet frame received at the one ingress port to a second 
tag associated with the egress port through which the switch outputs the frame; and 
overwriting the tag in the Ethernet frame with the second tag prior to outputting 
the frame on the egress port. 

27. The method according to claim 26 wherein the tag is mapped using a 
unique tuple of the port and a Virtual Local Area Network (VLAN) identifier. 

28. The method according to claim 27 wherein the Virtual Local Area 
Network (VLAN) identifier has a prescribed address space and wherein each egress port 
can support a quantity of VLANs limited only by the prescribed address space of the 
VLAN identifier. 

29. The method according to claim 28 wherein the VLAN identifier has an 
address space of 4096 and wherein each egress port can support 4096 separate VLANs. 

30. In an Ethernet protocol network having at least one switch with a plurality 
of ingress ports that are each adapted to receive at least one Ethernet frame that includes a 
Virtual Local Area Network (VLAN) ID tag that identifies a particular network sending 
the frame to that ingress port, and the switch has at least one egress port on which the 
frame is output, a method for operating said switch, comprising the step of: 
mapping the tag in the Ethernet frame received at the one ingress port to a second 
tag using a unique tuple of the port and a Virtual Local Area Network (VLAN) identifier; 
and 
overwriting the tag in the Ethernet frame received at the one ingress port with the 
second tag prior to outputting the frame on the egress port.-- 

ABSTRACT OF THE DISCLOSURE 

An Ethernet Metropolitan Area Network (10) provides connectivity to one 
or more customer premises (161, 162, 163) to packet-based services, such as ATM, Frame 
Relay, or IP, while advantageously providing a mechanism for assuring security and 
regulation of customer traffic. Upon receipt of each customer-generated information 
frame (20), an ingress Multi-Service Platform (MSP) (122) "tags" the frame with a 
customer descriptor (22') that specifically identifies the recipient customer. In practice, 
the MSP tags each frame by overwriting the Virtual Local Area Network (VLAN) 
identifier (22) with the customer descriptor. Using the customer descriptor in each frame, 
a recipient Provider Edge Router (PER) (18) or ATM switch can map the information as 
appropriate to direct the information to the specific customer at its receiving site. In 
addition, the customer descriptor (22') may also include Quality of Service (QoS) 
information, allowing the recipient Provider Edge Router (PER) (18) or ATM switch to 
afford the appropriate QoS level accordingly. Each Ethernet switch may advantageously 
overwrite the VLAN identifier at an incoming port with a second tag associated with an 
egress port to increase the scale associated with a single switch. 